Black Hat USA 2017 will take place July 22–27 at Mandalay Bay Convention Center. Among the talks:

Facebook CSO Alex Stamos will present a talk called “Stepping up our game: Re-focusing the security community on defense and making security work for everyone”.

Briefings will focus on vulnerabilities in such areas as IoT, malware, smart grid and industrial security, and AppSec.

Black Hat Arsenal (Wednesday and Thursday, July 26-27) is where independent researchers and the open source community will give live demos of their latest tools.

The event will also include the Black Hat Business Hall (Wednesday and Thursday, July 26-27), featuring more than 270 security companies. There will also be a career zone, an innovation city and vendor sessions. Sophos will be in booth 947.

What’s happening in the Sophos booth?

Sophos researchers will be on hand at the booth throughout the event, including Dorka Palotay, who will discuss her new paper on the Philadelphia ransomware-as-a-service (RaaS) kit. Technical demos will include an Intercept X overview, with particular focus on how it defends customers from the likes of WannaCry. There will also be a shirt giveaway for those who stop by the booth and say “Sophos is next-gen security”.

As processing power and deep learning techniques have improved, Sanders says, deep learning has become a powerful tool to detect and classify increasingly complex and obfuscated malware at scale. A plethora of white papers exist touting impressive malware detection and false positive rates using machine learning, but virtually all of these are shown in the context of a single source of data the authors choose to train and test on. Hillary said in her talk description:

Accuracy statistics are generally the result of training on a portion of some dataset (like VirusTotal data), and testing on a different portion of the same dataset. But model effectiveness (specifically detection rates in the extremely low false-positive-rate region) may vary significantly when used on new, different datasets – specifically, when used in the wild on actual consumer data.

In this presentation, I will present sensitivity results from the same deep learning model designed to detect malicious URLs, trained and tested across 3 different sources of URL data. After reviewing the results, we’ll dive into what caused our results by looking into: 1) surface differences between the different sources of data, and 2) higher level feature activations that our neural net identified in certain data sets, but failed to identify in others.

WannaCry, NotPetya and Vault 7

Expect to hear a lot about May’s massive WannaCry outbreak and the NotPetya attack that came a month later. Both spread rapidly across the globe using NSA exploit tools leaked by the hacking group Shadow Brokers. WannaCry was unique in that it was ransomware spread by a worm instead of the usual phishing tactics. NotPetya was more traditional ransomware, but still spread further than most using the NSA tools.